×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Finland's Upper Secondary School Exams Going All-Linux

timothy posted about 8 months ago | from the local-boy-makes-good dept.

Education 55

First time accepted submitter jovius writes "The Matriculation Examination Board of Finland has just opened an international hacking contest to find flaws and exploits in Digabi Live — the Live Debian based operating system to be used in the all-digital final exams by the year 2016. The contest ends on 1st of September, and the winners are about to scoop hefty hardware prizes, also available as cash."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

55 comments

first post! (-1)

Anonymous Coward | about 8 months ago | (#44529527)

go linus! go finland! yay!

huuuvaa!!

cash money (0)

Anonymous Coward | about 8 months ago | (#44529533)

1,000 â

Re:cash money (0)

Anonymous Coward | about 8 months ago | (#44531717)

€ is available with: alt + shift + 2 on a US Keyboard

Burning Platform (5, Funny)

Freshly Exhumed (105597) | about 8 months ago | (#44529579)

Oh come on, Finns! Didn't you get the memo that only Windows 8 will provide a future for all students? Clearly the comparatively high quality and level of education of Finnish students is burning, and they must jump. It cannot be sustained, so the existing system must be abandoned. It is time to adopt the Microsoft education curriculum. With this, Finland can successfully, drastically reduce the number of educators, divest huge amounts of school real estate, slash maintenance costs, and give the five remaining students a wonderful head start on their success.

Yours truly, Stephen Elop.

Re:Burning Platform (0)

Anonymous Coward | about 8 months ago | (#44529799)

I know *one* Finn who didn't, but maybe it was an older Micro Soft memo... :-)

Re:Burning Platform (2)

Luckyo (1726890) | about 8 months ago | (#44530369)

Nokia got the memo. Rest of us saw what happened to nokia after believing the memo and used our common sense.

Re:Burning Platform (0)

Anonymous Coward | about 8 months ago | (#44530465)

This may be retaliation for Nokia moving their factories to China and laying off 2% of Finland's labor force.

Elop vs Linus (1)

unixisc (2429386) | about 8 months ago | (#44531753)

That would be a WWF battle worth a Helsinki or Oalu crowd! I guess the Finns could strike a compromise by rigging Linux to run on the Lumias. ;->

simple. effective. (1)

Anonymous Coward | about 8 months ago | (#44529609)

And this is how a tech-savy government should do things. Start with something open, encourage breaking it. Compare this to a 45 million euro fail [wikipedia.org] of other administrations.

And the winner is... Debian (0, Interesting)

Anonymous Coward | about 8 months ago | (#44529645)

It is also possible to take part in the competition as a team.

Debian just have to sign up as a team, make a rouge package, sign it and collect the money.

It would be much easier if the Matriculation Examination Board of Finland simply donated the money directly to Debian instead of making them jump through hoops like this...

Re:And the winner is... Debian (1)

gl4ss (559668) | about 8 months ago | (#44529693)

..?

they would still need to invent a way to get the distro to install it. if you can just install a .deb(signed by debian) you're eligible for prize, doesn't matter if the deb is that of nethack or netcat..

Re:And the winner is... Debian (0)

Anonymous Coward | about 8 months ago | (#44529697)

they would still need to invent a way to get the distro to install it. if you can just install a .deb(signed by debian) you're eligible for prize, doesn't matter if the deb is that of nethack or netcat..

... or "an important security update" to the kernel.

The Matriculation Examination Board of Finland does install security updates, don't they?

Re:And the winner is... Debian (1)

gl4ss (559668) | about 8 months ago | (#44529933)

well if you start nitpicking like that then any system, openbsd and whatever, is suspect to attack by it's creators if it's creators can get users to install the attack. like, no shit.

still, that would be a modification of the base system. that's outside the competitions scope, for obvious reasons.

Re:And the winner is... Debian (1)

Anonymous Coward | about 8 months ago | (#44530215)

A rouge package? Does it apply makeup to the faces in your digital photos?

Re:And the winner is... Debian (1)

Anonymous Coward | about 8 months ago | (#44531759)

Ladies pinch, whores use rouge.

This is how things should be done! (0)

Anonymous Coward | about 8 months ago | (#44529717)

That they launched a hacking contest to make sure it's secure is really cool. It's exactly what I would have done.

(And the worth of the prize equals the quality of security checks you'll get.) (But I'd not set and end to the contest. I'd give out at most one prize per year, and keep it going forever, so I'd *stay* safe.)

Nice to see a rare case of non-total-retardation in today's world of Idiocracy.

Hefty Prizes? (1, Insightful)

Anonymous Coward | about 8 months ago | (#44529773)

"At least three best competition entries, chosen by the jury, are awarded a smartphone or a tablet device valued at approximately 1.000 €. Possible prizes include Acer Iconia W700 11.6” 128 GB, Apple iPhone 5 64 GB, Apple iPad Retina 128 GB, Asus Vivo Tab RT TF600TG 64GB, Lenovo ThinkPad Tablet 2 10.1”, Samsung Google Nexus 10 32 GB or Sony Xperia Tablet Z 10.1”. Alternatively, the prize can also be given in currency. In addition to three best entries, the Matriculation Examination Board reserves the right to award additional entries using a set of criteria of its own choosing. Winners are announced on 3rd October 2013 on the website of the competition. Winners will also be informed by email."

maybe if you live in a country where the average salary is under $10k.

Re:Hefty Prizes? (0)

Anonymous Coward | about 8 months ago | (#44530341)

Proof that average /. AC never left his mom's basement and never tried working for a living: one thinks that there are countries with average salary over $10k and two others finding it immensely insightful.

You should get out more [wikipedia.org] . There are no countries like that. US median income is $50k/year. With Finland's average of ~$3k, $1000 prize is not something to spit on. FFS, even with US median monthly of $4k it's not something you'd just walk by.

Re:Hefty Prizes? (1)

jones_supa (887896) | about 8 months ago | (#44530983)

In any case, the prizes should be spicy enough that it's a better deal to reveal the vulnerability in the contest rather than to keep it to yourself and then later exploit it in the exam.

Re:Hefty Prizes? (1)

Anonymous Coward | about 8 months ago | (#44531259)

When considering "better" in that deal, you have to also consider all the risks included - if somebody else finds it before you, your winnings are zero, and if you try to sell it and your customer is actually a sting op by Finnish law enforcement, your winnings go deep into negative.

Re:Hefty Prizes? (1)

hoboroadie (1726896) | about 8 months ago | (#44533159)

You're comparing US median income with Finnish average income, and the units aren't precisely correlated.
You must be a veteran here.

Re:Hefty Prizes? (0)

Anonymous Coward | about 8 months ago | (#44533519)

$10K yearly salary genius, not monthly salary. Why assume $10K a month if there are no countries like that genius? Why not assume $10K/year, and only then a $1K prize becomes hefty.

Proof that just because you moved out of your mom's basement, and you know how to search wiki, still doesn't mean squat.

Doomed effort for multiple reasons (-1)

Anonymous Coward | about 8 months ago | (#44529775)

#1 "digabi" can be run in a vm and a cell modem in their laptop provides internet access

#2 the system cant be guaranteed to run on every laptop a student might own think missing device think proprietary broadcom windows only chipsets for network.

Re:Doomed effort for multiple reasons (1)

aliquis (678370) | about 8 months ago | (#44529815)

Is it supposed to be running on the students own machines? Not school desktops or school laptops or laptops given away from the school?

Re:Doomed effort for multiple reasons (2)

LilWolf (847434) | about 8 months ago | (#44529995)

Depends on the municipality. Some give students laptops from the school, some support students buying their own devices with x euros, some do nothing to help students secure a device.

It's important to note that they've made guidelines on what sort of devices are supported for the exam and the way it's done. It completely rules out any of the current tablets and pretty much narrows it down to a traditional laptops running x86(or amd64) processors. They've also got pretty good rules for setting up the exam environment.

That being said, I think there will be plenty of problems to sort through.

Re:Doomed effort for multiple reasons (2)

AliasMarlowe (1042386) | about 8 months ago | (#44530015)

Is it supposed to be running on the students own machines? Not school desktops or school laptops or laptops given away from the school?

The workstation specifications are given here [digabi.fi] . Booting from external media (DVD, USB) is a requirement, so although it's not stated, I'd expect that running Digabi inside a VM would not count.

#3 driver updates (1)

Joe_Dragon (2206452) | about 8 months ago | (#44531337)

You can just think the 2013 build will load and run fully on systems that come out 2-3-4-5 years from now.

Pre-final exam (0)

Anonymous Coward | about 8 months ago | (#44529829)

So the students best with computers are being motivated to find exploits they can use during the exam?

OMG Ponies! (4, Informative)

Anonymous Coward | about 8 months ago | (#44529845)

Seem to be two separate stories here...

1 - Matriculation Examination Board of Finland is replacing pen/paper exams with exams in a live-cd (or usb-booted live environment or similar) examination system (and with associated back end systems, databases, aaa, etc)

2 - Matriculation Examination Board of Finland is holding a hacking competition to find security flaws/vulnerabilities in the student live-cd OS.

BYOD is doomed for tests (1)

e**(i pi)-1 (462311) | about 8 months ago | (#44529857)

I believe, BYOD is doomed from the beginning, thats why graphing calculators (dinosaurs in comparison with modern smart phones) are still around: because of their limitations they can still be used for tests. Many questions for systems running on students hardware? How is the live system booted: DVD, memorystick? How does that work on a tablet? The biggest weakness is that the system is booted in a subsystem of an other OS. If the system interacts with a server, how do you prevent other internet access? How do you prevent other programs to be run? One major weakness for math testing systems accessed from a browser is that students can "google" or "alpha" the answer. Many system run the clock on the students system so that if the student runs a virtual machine and stops it, the clock stops. For testing systems with BYOD, there is always also the danger that the test leaks. Even with a completely locked down system, it is difficult to prevent that a student boots the OS in a virtual machine and have free range and post the test on the web. It needs only one student to do so. A test examinator can not see the difference (without considerable effort) whether the machine has booted up in a virtual machine or not. Ie only safe way to make a safe and accountable testing system is to make it on paper.

Re:BYOD is doomed for tests (3, Informative)

tommituura (1346233) | about 8 months ago | (#44530107)

Right now, all the details are up to evaluation whatever seems most feasible.

Taken from project's website, the most likely way forward now is a USB-bootable live Linux distro on a laptop that has been maximally gutted in its ability to access anything else but a predefined server and the USB stick it boots on. Like, not having hardware drivers for the hdd etc. There also won't be any other programs except those needed to do the test installed, and the exam participant's user account won't have privileges to install anything else either, of course. The systems are most likely going to be booted by the administrators before test begins, (and the laptops, if owned by the students, have to be turned in for checks -- although if it's done in the same spirit as checks for graphing calculators are, the actual checks are randomly done. No school has enough manpower to do a sweep checks for every machine). There most certainly won't be any virtualization software included with the programs the exam taker can run.

The problem would at that point to prevent the student to boot into another OS in the middle of exam, accessing whatever, and then booting back test system again. Maybe they'll include constantly home-calling ping to some central server which will notify the local admins that "exam taker #34234 is up to something no good. Go look over his/her shoulder constantly for a while". Also, rebooting the whole computer would most likely be visible enough for the exam administrators (who are, or should be, on constant outlook for cheaters in any case).

That being said... a entrepreneuring (and skilled) exam taker could, with some hardware hacking, overcome many of these blocks in order to bring unauthorized materials into the exam and maybe even succeed in going unnoticed. That's why I'd really think the school districts (or the state) should just scrap the BYOD idea and shell the cash for bunch of cheap (around €200 or so) laptops. Since they would be usable for many years only for this purpose with tailor-made OS, it won't have to be *that* powerful anyway.

Re:BYOD is doomed for tests (1)

Joe_Dragon (2206452) | about 8 months ago | (#44530585)

also what about drivers on the USB-bootable live Linux to cover the full range of BYOD hardware? or maybe they will need an USB wifi stick as well to make it easier and for less stuff to hack. But still what about a full screen VM that looks like it has it's own BIOS or some kind of EFI / UEFI looking GUI? and after you boot it you take the VM out of full screen mode.

Re:BYOD is doomed for tests (1)

jones_supa (887896) | about 8 months ago | (#44531117)

That's why I'd really think the school districts (or the state) should just scrap the BYOD idea and shell the cash for bunch of cheap (around €200 or so) laptops.

The whole BYOD thing might enable an überwizard to hide some completely discrete systems inside his laptop and communicate with them using special hot keys while the main OS is running normally. :) It's quite hard to engineer something like that, but a thing that should be given a thought.

Re:BYOD is doomed for tests (0)

Anonymous Coward | about 8 months ago | (#44535899)

My matriculation exam had at least 4 observers at any given moment(one on elevated seat at each side of the room), who also performed closer inspections for suspicious behaviour. I doubt cheating will be any easier even if one has their own computer.

Re:BYOD is doomed for tests (1)

Apotekaren (904220) | about 8 months ago | (#44530857)

In this case, some of these problems are non-issues. The exam is a national exam, taken simultaneously all over the country. So a "leaked exam" doesn't really matter once the exam has started since everyone that's supposed to be taking it, is sitting there taking it. The test timing is done on clock. The real one on the wall. Time from 9am to 3pm. Doesn't help if you can pause the program...

As for the internet part, they just need to have bootable USB-sticks, with the exams on them, tagged with the name and ID of the exam taker. The students boot the exam under supervision, and start. The answers are then saved locally onto the stick, and collected at the end of the day. Alternatively, a central exam server is put up locally(with no internet access), the computers connect to that for login/exam saving.

Also, these exams are overseen be at least 2 people at all times, and they're were sensitive to people breaking rules. Carrying a mobile phone is enough to get your exam failed, sometimes even all the exams of that spring/fall nulled. So any activity that's off from the normal test-taking would raise suspicion.

Maybe the Netherlands will counter (0)

Anonymous Coward | about 8 months ago | (#44530545)

with Minix in their high schools?

Re:Maybe the Netherlands will counter (1)

unixisc (2429386) | about 8 months ago | (#44531767)

And the Russians w/ ReactOS, Canadians w/ QNX, USians w/ Windows or OS-X, Germans w/ L4...

well this is a tough question ... (0)

Anonymous Coward | about 8 months ago | (#44530767)

dunno. i can chose the life long data retention of my exam scores -or- a one time cash prize?
i think i'm going to take the life long retention of (faked by me thru secret exploit) stellar exam scores >: )
blue green yellow pink

Rooted in 5 minutes (0)

Anonymous Coward | about 8 months ago | (#44530817)

The first root access was already gained in 5 minutes, but the race continues.

Re:Rooted in 5 minutes (0)

Anonymous Coward | about 8 months ago | (#44534913)

Should've used BSD instead...

More Linux = more Linux apps. (1)

edibobb (113989) | about 8 months ago | (#44556181)

Good! I would love to change to Linux when the apps I need are there. More Linux developers is a step in the right direction.
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...